
smart way to replace characters

Hi Gurus

I am a novice - just so you know.

Is there a smarter way to write:

$keywords = str_replace("'", "",$keywords);
$keywords = str_replace('"', '',$keywords);
$keywords = str_replace('`', '',$keywords);
$keywords = str_replace('(', '',$keywords);
$keywords = str_replace(')', '',$keywords);
$keywords = str_replace('.', '',$keywords);

I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go
in SQL i.e.

'Select * from a where a.description LIKE '%$keywords%'

TIA

- Nicolaas

Jul 17 '05 #1


DH
WindAndWaves wrote:
> I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go
> in SQL i.e.


Try this:

$out = eregi_replace("[^[:alnum:]]", "", $in);
Jul 17 '05 #2

WindAndWaves <ac****@ngaru.com> wrote:
> Is there a smarter way to write:
>
> $keywords = str_replace("'", "",$keywords);
[4 lines]
> $keywords = str_replace('.', '',$keywords);

If you want to replace all chars to one char:
$arrOfChars=array("'", .... ,".");
$keywords=str_replace($arrOfChars,'',$keywords);

Also possible: str_replace($arrFrom, $arrTo, $line);

> I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go
> in SQL i.e.
>
> 'Select * from a where a.description LIKE '%$keywords%'


Properly escaping $keywords should always be done, what that exactly is
depends on the actual database.

Jul 17 '05 #3


"Daniel Tryba" <sp**@tryba.invalid> wrote in message
news:41**********************@news6.xs4all.nl...
> Properly escaping $keywords should always be done, what that exactly is
> depends on the actual database.


Can you explain to me what that means... sorry - but I am a complete novice.

Thank you.
Jul 17 '05 #4

WindAndWaves wrote:
> "Daniel Tryba" <sp**@tryba.invalid> wrote in message
> news:41**********************@news6.xs4all.nl...
>
>> Properly escaping $keywords should always be done, what that exactly is
>> depends on the actual database.
>
> Can you explain to me what that means... sorry - but I am a complete novice.
>
> Thank you.


I believe what Daniel is saying is, if you want to replace a whole list
of characters with a single character (or no character), you can create
an array (which is a kind of list) of the bad characters you want to
replace:

$bad_chars = array("'", "\"", "`", "(", ")", ".");

and then using the str_replace function replace them all at once:

$keywords = str_replace($bad_chars, '', $keywords);

NM

--
convert uppercase WORDS to single keystrokes to reply
Jul 17 '05 #5

WindAndWaves <ac****@ngaru.com> wrote:
>> Properly escaping $keywords should always be done, what that exactly is
>> depends on the actual database.
>
> Can you explain to me what that means... sorry - but I am a complete novice.

For eg mysql the characters that have to be escaped (according to
http://nl3.php.net/manual/en/functio...ape-string.php) are:
NULL, \x00, \n, \r, \, ', " and \x1a.
Escaping in mysql is done by prepending a \: 'It\'s'

Other database engines are known to sometimes use ' to escape a literal '.
(so ' in a string should be transformed to 'It''s')

But the point I actually was trying to say: although you might want
constraints on the input to the database (eg only A-z and 0-9 (for which
the already mentioned regular expression is a perfect solution)) you
should _always be very sure_ that the string is escaped before
inserting.

For example:
mysql_query("insert into foo values ('".mysql_escape_string($keywords)."')");

Jul 17 '05 #6


"Daniel Tryba" <sp**@tryba.invalid> wrote in message
news:41**********************@news6.xs4all.nl...
> WindAndWaves <ac****@ngaru.com> wrote:
>>> Properly escaping $keywords should always be done, what that exactly is
>>> depends on the actual database.
>>
>> Can you explain to me what that means... sorry - but I am a complete novice.
>
> For eg mysql the characters that have to be escaped (according to
> http://nl3.php.net/manual/en/functio...ape-string.php) are:
> NULL, \x00, \n, \r, \, ', " and \x1a.
> Escaping in mysql is done by prepending a \: 'It\'s'
>
> Other database engines are known to sometimes use ' to escape a literal '.
> (so ' in a string should be transformed to 'It''s')
>
> But the point I actually was trying to say: although you might want
> constraints on the input to the database (eg only A-z and 0-9 (for which
> the already mentioned regular expression is a perfect solution)) you
> should _always be very sure_ that the string is escaped before
> inserting.
>
> For example:
> mysql_query("insert into foo values ('".mysql_escape_string($keywords)."')");

I agree, but I see that NULL is still to be escaped if I only do A-z 0-9.
Do you think it still matters even if it is like, for example,

.... where `des`= 'test NULL'

or something along those lines.

Thanks

- Nicolaas
Jul 17 '05 #7
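
An added example, not code from any poster in this thread: the LIKE search from the original question with the value passed as a bound parameter, so quotes and the literal word NULL are treated as ordinary text, and with the LIKE wildcards % and _ escaped separately. It assumes PDO with an in-memory SQLite database so it runs offline; the function names, the `!` escape character, the allowed space in the whitelist and the sample rows are constructed for illustration.

```php
<?php
// Added example: table contents and helper names are constructed.
declare(strict_types=1);

/** Whitelist from the thread (A-Z, a-z, 0-9); the space is an added assumption. */
function restrict_keywords(string $raw): string
{
    return preg_replace('/[^A-Za-z0-9 ]/', '', $raw) ?? '';
}

/** Make LIKE wildcards match literally; pairs with ESCAPE '!' in the query. */
function like_literal(string $s): string
{
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/** Substring search; the keyword is bound, never spliced into the SQL text. */
function search(PDO $db, string $keywords): array
{
    $stmt = $db->prepare(
        "SELECT description FROM a WHERE description LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => '%' . like_literal($keywords) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE a (description TEXT)');
$ins = $db->prepare('INSERT INTO a (description) VALUES (?)');
foreach (["It's a test", 'test NULL', '100% wool', '100 percent'] as $row) {
    $ins->execute([$row]);
}

// A quote in the keyword is data, not SQL syntax.
var_dump(search($db, "It's"));
// The four letters NULL inside a string are ordinary text.
var_dump(search($db, 'NULL'));
// Without like_literal() the % would also match "100 percent".
var_dump(search($db, '100%'));
// A classic injection string is just a keyword that matches no row.
var_dump(search($db, "x' OR '1'='1"));
// The whitelist is an input constraint applied on top of binding.
var_dump(restrict_keywords("It's (a) `test`."));
```
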

"WindAndWaves" <ac****@ngaru.com> wrote in message
news:CO*******************@news.xtra.co.nz...
> Hi Gurus
>
> I am a novice - just so you know.
>
> Is there a smarter way to write:
>
> $keywords = str_replace("'", "",$keywords);
> $keywords = str_replace('"', '',$keywords);
> $keywords = str_replace('`', '',$keywords);
> $keywords = str_replace('(', '',$keywords);
> $keywords = str_replace(')', '',$keywords);
> $keywords = str_replace('.', '',$keywords);
>
> I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go in SQL i.e.
>
> 'Select * from a where a.description LIKE '%$keywords%'

Regexp is the obvious choice here as others have suggested. If that seems too
opaque, use strtr(), which does multiple find and replace on a string:

$replacement_table = array(
'"' => '',
')' => '',
'(' => ''
);
$keywords = strtr($keywords, $replacement_table);

Jul 17 '05 #8
